As our collective reliance on digital systems grows, the threat of cyber attacks looms ever larger. And recent incidents highlight how devastating these attacks can be, crippling companies for days or even weeks and costing massive sums.
The June 2024 cyber attack on CDK Global, whose software supports car dealerships in managing scheduling and records, for example, was only resolved in early July. The software vendor, which serves over 15,000 auto retail locations in North America, was hit with crippling cyber attacks in June, leading to a 3.8% decline in U.S. new-vehicle sales in June 2024 vs. a year ago according to GlobalData.
Only a month earlier, in May 2024, Ascension, a nonprofit network of 140 hospitals across 19 states, was hit by a cyber attack, forcing the diversion of ambulances and taking nearly a month to fully resolve. And in early 2024, a ransomware attack on Change Healthcare, part of the UnitedHealth Group, disrupted pharmacy billing nationwide, threatening the stability of some healthcare providers.
Hackers are becoming more sophisticated, often lurking undetected within systems. They tend to target industries like healthcare that frequently use outdated systems, making them easier prey. This trend underscores the importance of quick detection, as outlined in IBM’s 2020 Cost of a Data Breach Report, which found that companies take an average of 207 days to identify a breach and another 73 days to contain it.
In the event of a cyber attack, swift and strategic action is essential. Here are seven crucial steps organizations should take to minimize the impact and facilitate recovery:
- Mobilize your Cybersecurity Response Team
When a cyberattack is detected, the first step is to activate your cybersecurity response team. This team should consist of cross-disciplinary professionals who are trained to protect your business. It’s crucial that each member understands their role and is prepared to respond effectively to any attack.
- Identify the Type of Attack
To respond effectively, your cybersecurity team must accurately identify the type of attack. Understanding the nature of the attack helps you focus your efforts on containment and recovery. It’s essential to determine not only the type but also the likely source, extent, and potential impact of the attack.
- Contain the Breach
Most passive attacks aim to create a persistent backdoor into your systems, allowing attackers to extract data over time. It’s crucial to identify and eliminate any access points they may have. This is equally important in the case of active attacks.
No matter the type of cyber attack, your team should quickly disconnect the affected network from the internet, disable all remote access, reroute network traffic, and change all vulnerable passwords.
The goal is to completely block the attackers’ access, allowing you to restore your systems to a more secure state.
- Assess and Repair the Damage
After containing the attack, evaluate the impact on critical business functions. Identify which data has been compromised, which systems were accessed, and whether any unauthorized entry points remain. You may need to reinstall systems, restore data from backups, and repair or replace any damaged hardware.
- Report the Attack
Promptly report the incident to the appropriate authorities, including the Federal Bureau of Investigations (FBI) and state and local law enforcement. Additionally, contact the Secret Service’s Electronic Crimes Task Force (ECTF), the Internet Crime Complaint Center (IC3), and the Federal Trade Commission (FTC). If your company has cyber liability insurance, reach out to your insurer for guidance and support.
- Communicate with Customers
Collaborate with your PR team to effectively manage the public impact of the incident. Notify your customers, especially if their data was affected. It’s important to issue a press release about the attack, being upfront and transparent to maintain public trust.
- Learn from the Experience
Finally, conduct a thorough investigation to understand what happened and identify improvements in your systems and procedures to prevent future attacks. Use this incident as an opportunity to enhance your company’s cybersecurity posture, making it stronger and more resilient.
Navigating a cyber attack demands swift action, coordination across teams, and transparency with stakeholders. By following these essential steps—from mobilizing your response team to learning from the incident—organizations can not only minimize the impact of cyber threats but also strengthen their defenses for the future. In an increasingly digital landscape, proactive cybersecurity measures are crucial for safeguarding business continuity and maintaining trust with customers and partners alike.
Stay vigilant, stay prepared, and continue to evolve your cybersecurity strategies to stay ahead of emerging threats.